See if they have published advisories (your pentesters had vulnerabilities discovered by their researchers) in field that you're going to ask them. This is the only way to understand if they have real practice in finding vulnerabilities.